[j-nsp] mSyslog + Juniper logs

Rafal Szarecki rszarecki at gmail.com
Thu May 18 03:17:39 EDT 2006


Erdem,

The explicit priority is a hack, which is not always necessary. A syslog
packet looks like:

<2B Facility><1B Priority><sender IP address><Timestamp><MESSAGE>.

The "explicit-priority" inserts a string into the message which is redundant to
the first 3 Bytes of the syslog packet.

Your mSyslog has to be able to understand the first 3B of the packet by force of the RFC.

Parsing of MESSAGE is not required by any standard. The whole message is just a
string, and syslog is not intended to do any operation on the message.

However, some syslog servers (e.g. syslog-ng 1.6) can do a little with this.

Rafał Szarecki

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Erdem Sener
Sent: 17 May 2006 10:02
To: jnsp
Subject: [j-nsp] mSyslog + Juniper logs

Hi all,

 Anyone actively using mSyslog with mysql as syslog server for Juniper
routers?

 Reason I'm asking is that mSyslog cannot parse 'facility' and
'priority' fields from Juniper logs, although 'explicit-priority' is
configured.

 I guess some code hacking is necessary but I'm just too lazy :)

 Thanks,
-- 
Erdem
"http://tr1.monstersgame.net/?ac=vid&vid=20030512"

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp
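
As an added example (not part of the original thread, and not mSyslog code): a collector-side parser that takes facility and severity from the RFC 3164 `<PRI>` header and treats the explicit-priority string inside the message only as a cross-check. The `%FACILITY-SEVERITY-TAG:` pattern, the function name and the sample datagrams are assumptions constructed for illustration.

```python
import re

# Conventional keywords for RFC 3164 facility codes 0-23 and severity codes 0-7.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")
# Assumed shape of the in-message explicit-priority string: %FACILITY-SEVERITY-TAG:
EXPLICIT_RE = re.compile(r"%([A-Z0-9]+)-([0-7])(?:-[A-Z0-9_]+)?:")
DEFAULT_PRI = 13   # RFC 3164 4.3.3: missing or unusable PRI is treated as user.notice
MAX_PRI = 191      # facility 23 * 8 + severity 7


def parse_syslog(datagram: bytes) -> dict:
    """Decode <PRI> from the header; compare it with any explicit-priority tag."""
    text = datagram.decode("utf-8", errors="replace")
    m = PRI_RE.match(text)
    if m and int(m.group(1)) <= MAX_PRI:
        pri, rest = int(m.group(1)), text[m.end():]
    else:
        pri, rest = DEFAULT_PRI, text   # keep the whole datagram as the message
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    result = {"pri": pri, "facility": FACILITIES[facility],
              "severity": SEVERITIES[severity], "message": rest,
              "explicit": None, "severity_matches": None}
    tag = EXPLICIT_RE.search(rest)
    if tag:
        # The tag's facility name is the sender's own label, so only the
        # numeric severity is compared against the header.
        result["explicit"] = (tag.group(1), int(tag.group(2)))
        result["severity_matches"] = int(tag.group(2)) == severity
    return result


if __name__ == "__main__":
    # Constructed sample datagrams, not captured from a real router.
    samples = [
        b"<28>May 18 03:17:39 router1 chassisd[522]: %DAEMON-4-EXAMPLE_TAG: constructed",
        b"<30>May 18 03:17:40 router1 chassisd[522]: %DAEMON-4-EXAMPLE_TAG: constructed",
        b"May 18 03:17:41 router1 mgd[1]: constructed, no PRI",
    ]
    for s in samples:
        r = parse_syslog(s)
        print(r["facility"], r["severity"], r["explicit"], r["severity_matches"])
```

A `severity_matches` value of `False` means the header and the in-message string disagree, which is worth logging rather than silently preferring one of them.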



